From: Kalin KOZHUHAROV <kalin@thinrope.net>
To: linux-kernel@vger.kernel.org
Subject: Re: Entirely ignoring TCP and UDP checksum in kernel level
Date: Sat, 21 Aug 2004 16:36:34 +0900 [thread overview]
Message-ID: <cg6u22$kk$1@sea.gmane.org> (raw)
In-Reply-To: <S268868AbUHUHCe/20040821070234Z+1825@vger.kernel.org>
Josan Kadett wrote:
> It is definetely impossible to use IPTables to handle packets with incorrect
> checksums since NAT would drop the connection right away, otherwise I would
> not have been asking this question here.
>
> -----Original Message-----
> From: Aidas Kasparas [mailto:a.kasparas@gmc.lt]
> Sent: Saturday, August 21, 2004 8:54 AM
> To: Josan Kadett
> Subject: Re: Entirely ignoring TCP and UDP checksum in kernel level
>
> How about setting up a separate box which would listen on that
> 192.168.77.1 address and MASQUERADE connections to your crazy box from
> 192.168.1.x address? Maybe then you would no longer need to break things
> in kernel?
Isn't rp_filter for this?
A chunk of my iptables firewall script is:
# Force route verification
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
So why don't you try:
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo "0" > $f; done
Kalin.
--
|| ~~~~~~~~~~~~~~~~~~~~~~ ||
( ) http://ThinRope.net/ ( )
|| ______________________ ||
next prev parent reply other threads:[~2004-08-21 7:37 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4126F16D.1000507@gmc.lt>
2004-08-21 8:02 ` Entirely ignoring TCP and UDP checksum in kernel level Josan Kadett
2004-08-21 7:36 ` Kalin KOZHUHAROV [this message]
2004-08-21 8:54 ` Josan Kadett
[not found] <41285DB3.6070605@wasp.net.au>
2004-08-22 10:14 ` Josan Kadett
2004-08-22 11:48 ` James Courtier-Dutton
2004-08-22 10:25 ` Josan Kadett
2004-08-22 9:36 ` Brad Campbell
2004-08-22 10:48 ` Josan Kadett
2004-08-22 13:10 ` Brad Campbell
2004-08-22 13:13 ` Brad Campbell
2004-08-22 19:27 ` Josan Kadett
2004-08-22 20:28 ` Josan Kadett
2004-08-23 3:38 ` David Meybohm
2004-08-23 5:26 ` Josan Kadett
2004-08-23 8:40 ` Josan Kadett
2004-08-22 9:19 Brad Campbell
-- strict thread matches above, loose matches on Subject: below --
2004-08-22 6:17 Brad Campbell
2004-08-22 7:18 ` Josan Kadett
2004-08-22 7:24 ` Josan Kadett
2004-08-22 7:04 ` Brad Campbell
2004-08-22 8:12 ` Josan Kadett
2004-08-22 8:29 ` Brad Campbell
[not found] <04Aug21.205911edt.41960@gpu.utcc.utoronto.ca>
2004-08-22 2:08 ` Josan Kadett
2004-08-22 6:01 ` Brad Campbell
2004-08-22 7:06 ` Josan Kadett
[not found] <1093120934.854.155.camel@krustophenia.net>
2004-08-21 20:46 ` Lee Revell
2004-08-21 21:53 ` Josan Kadett
[not found] <4126FDD8.1090101@gmc.lt>
2004-08-21 9:00 ` Josan Kadett
2004-08-21 8:11 ` Denis Vlasenko
2004-08-21 9:18 ` Josan Kadett
2004-08-21 8:26 ` Lee Revell
2004-08-21 9:35 ` Josan Kadett
2004-08-21 9:14 ` Vojtech Pavlik
[not found] <1093078213.854.76.camel@krustophenia.net>
2004-08-21 8:58 ` Lee Revell
2004-08-21 21:41 ` Josan Kadett
2004-08-21 8:27 Denis Vlasenko
2004-08-21 8:41 ` Lee Revell
2004-08-21 9:50 ` Josan Kadett
2004-08-21 9:06 ` Kalin KOZHUHAROV
2004-08-21 21:46 ` Josan Kadett
2004-08-21 9:39 ` Josan Kadett
2004-08-21 6:15 Josan Kadett
2004-08-21 7:10 ` Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='cg6u22$kk$1@sea.gmane.org' \
--to=kalin@thinrope.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox